The principle of proportionality not only addresses the conflict among competing interests under Article 15(1)(h) GDPR but also shapes the justifications for public interest restrictions on the right of access to AI decision-making information.
News and Research articles on GDPR
This piece examines the urgent need for a harmonised approach to balancing the rights to freedom of expression and information with the right to personal data protection under the EU legal system.
This paper delivers a legal analysis that explores whether the privacy labels of the Apple App Store and Google Play Store meet the requirements of the General Data Protection Regulation (GDPR), along with insights into the adoption of app developers to map the extent of the problem.
On the 23 February 2023, the Italian Data Protection Authority (DPA) issued a decision against Ediscom S.p.A. (Garante per la Protezione dei Dati Personali, 2023) explicitly referring to “dark patterns”, i.e. online design choices that manipulate users’ decision-making to benefit digital services.
European smart city technology development suffers from one-sided inputs and high compliance costs. Due to this developers may look into markets with lower standards for human rights compliance.
Reproducing the GDPR provided the LGPD with principles that compel firms to innovate in the Brazilian privacy-enhancing technologies market. To rebalance opportunities for Brazilian firms, this paper advocates implementing local content policy for privacy-enhancing technologies.
GDPR compliance can be hard, but does not have to, as we demonstrate in the context of consent banners and mobile apps.
The role of voluntary standards as intermediaries in the application of the Right to Data Portability: an empirical analysis.
Has the GDPR changed privacy in apps? We study how third-party tracking—a common privacy threat—has changed since the GDPR was introduced.
This paper is part of Governing “European values” inside data flows, a special issue of Internet Policy Review guest-edited by Kristina Irion, Mira Burri, Ans Kolk, Stefania Milan. Introduction Governments’ interest in the “datafied society” (Hintz et al., 2018) as an object of policy and regulation is nothing new, with a long-held recognition that governance protocols (policies, ethics frameworks, and regulations) can be used to reshape the technological infrastructure underpinning society and hence its nature (Floridi, 2018; van Dijck & Poell, 2016). However, the widespread adoption of the term “sovereignty”—a concept loaded with legal and political connotations—to describe authority over …
This article assesses the bidirectional interaction between meso- and macro-level data governance frameworks.
Can public authorities in the EU continue using US cloud services in light of the EU Court’s view of the US surveillance regime? Maybe, but it will require a lot of work.
The extraterritorial application of GDPR does not promote European values. Rather, it evokes wrong expectations about the universality of individual rights.
Although the GDPR paves the way for a coordinated EU-wide legal action against data protection infringements, only a reform of private international law rules can enhance the opportunities of data subjects to enforce their rights.
The European Commission recently released its first review of two years of application of the General Data Protection Regulation (GDPR). René Mahieu and Jef Ausloos do not agree with the largely positive self-assessment and explain their main points of contention by summarising their own submission to the Commission.
A young entrepreneur finds herself battling uphill against GDPR enforcement organisations in an effort to bring her AI personal assistant to the market. Can her technological wits outwin the legal shortcuts these organisations have in place?
Algorithmic processing of personal data is challenging the role of consent. Which are the necessary adaptations to maintain this important tool in data protection regulation?
Information and communication technologies allow tax administrations to gather and process large amounts of data in order to individuate tax evaders. However, how to strike a balance between privacy rights and tax compliance?
Polish digital rights organisation Panoptykon Foundation filed complaints against Google and Interactive Advertising Bureau (IAB) Europe under the General Data Protection Regulation (GDPR). Responses were fired quickly. Here's the reaction to the responses.